diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-12-28 23:15:49 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-12-28 23:15:49 +0100 |
| commit | d95d2ff05f816c4023fdaa6db14819f86d3044bf (patch) | |
| tree | 3bea800fbb0c26515eb576778d2f2875e61b8d77 /createaccount.cgi | |
| parent | 6f323ff54643622bcd31f6b7577ab1a23d16f590 (diff) | |
| download | bugzilla-d95d2ff05f816c4023fdaa6db14819f86d3044bf.tar.gz bugzilla-d95d2ff05f816c4023fdaa6db14819f86d3044bf.tar.xz | |
Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account
r=dkl a=LpSolit
Diffstat (limited to 'createaccount.cgi')
| -rwxr-xr-x | createaccount.cgi | 31 |
1 files changed, 4 insertions, 27 deletions
diff --git a/createaccount.cgi b/createaccount.cgi index 98c5c8318..acc63e891 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -31,35 +31,19 @@ use lib qw(. lib); use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; -use Bugzilla::User; -use Bugzilla::BugMail; -use Bugzilla::Util; use Bugzilla::Token; # Just in case someone already has an account, let them get the correct footer # on an error message. The user is logged out just after the account is # actually created. -Bugzilla->login(LOGIN_OPTIONAL); - -my $dbh = Bugzilla->dbh; +my $user = Bugzilla->login(LOGIN_OPTIONAL); my $cgi = Bugzilla->cgi; my $template = Bugzilla->template; -my $vars = {}; - -$vars->{'doc_section'} = 'myaccount.html'; +my $vars = { doc_section => 'myaccount.html' }; print $cgi->header(); -# If we're using LDAP for login, then we can't create a new account here. -unless (Bugzilla->user->authorizer->user_can_create_account) { - ThrowUserError("auth_cant_create_account"); -} - -my $createexp = Bugzilla->params->{'createemailregexp'}; -unless ($createexp) { - ThrowUserError("account_creation_disabled"); -} - +$user->check_account_creation_enabled; my $login = $cgi->param('login'); if (defined($login)) { @@ -68,16 +52,9 @@ if (defined($login)) { my $token = $cgi->param('token'); check_hash_token($token, ['create_account']); - $login = Bugzilla::User->check_login_name_for_creation($login); + $user->check_and_send_account_creation_confirmation($login); $vars->{'login'} = $login; - if ($login !~ /$createexp/i) { - ThrowUserError("account_creation_restricted"); - } - - # Create and send a token for this new account. - Bugzilla::Token::issue_new_user_account_token($login); - $template->process("account/created.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; |